Please forgive my "stupidity," but I'm a noob when it comes to email hosting. I route my domain through CloudFlare, and all of my emails end up in spam when I test it sending it to my personal gmail. It is saying "In order to ensure that SPF or DKIM takes effect, you must confirm that this server is an authoritative nameserver for “example.com”. If you need help, contact your hosting provider."

If I'm understanding right, this is trying to say that I have to point my domain nameservers to the internal cPanel ones, and I can't use CloudFlare? I feel like there has to be a better way. I would like to continue using CloudFlare. Forgive me if this is a totally stupid question, but I'm not experienced with hosting my own email.

Staff Member

If I'm understanding right, this is trying to say that I have to point my domain nameservers to the internal cPanel ones, and I can't use CloudFlare? I feel like there has to be a better way. I would like to continue using CloudFlare. Forgive me if this is a totally stupid question, but I'm not experienced with hosting my own email.

Click to expand...

Hello,

You can continue using CloudFlare, however because the cPanel server doesn't manage the DNS for your domain name, you must manually add the SPF/DKIM DNS records into the DNS zone directly from the CloudFlare management interface:

You can continue using CloudFlare, however because the cPanel server doesn't manage the DNS for your domain name, you must manually add the SPF/DKIM DNS records into the DNS zone directly from the CloudFlare management interface:

It took me a long time to figure out all the steps involved, so here is what you need to do.

1) Turn on DKIM signing in your outgoing messages by going to WHM, Acount Functions, Modify an Account. Edit your account by clicking "Enable DKIM on this account". Alternatively, turn on DKIM on CPanel - Email Authentication for your web site. (Ignore the fact that it only talks about DKIM for incoming mail.)
2) Figure out your DKIM public key using one of these methods:
a. The easiest way (if it works) is to find this info in CPanel - Email Authentication. If you see " Enabled & Active (DNS Check Passed)", then go on to the next method. Otherwise, you should see a long TXT record including your public DKIM key.
b. At the WHM, go to Main >> DNS Functions >> Edit DNS Zone for your domain, and find the TXT record for DKIM there.
c. Otherwise, log on to your server with Putty (or similar terminal program) for the next two steps: Figure out your DKIM Selector (e.g. 'default') by typing: grep dkim_selector /etc/exim.conf , then find out your server's DKIM public key by going to /var/cpanel/domain_keys/public/ Type "more mywebsite.com" to see the public key. Copy the public key, not including the BEGIN/END lines.
3) Go to your nameserver (perhaps with your Domain Registrar), and insert a TXT record for "default._domainkey.mywebsite.com" (use your DKIM Selector here), with a value of "v=DKIM1; g=*; k=rsa; p=PublicDomainKeyGoesHere"
4) You can send email via (a) a dedicated account, (b) sent via a web page on mywebsite.com (e.g. by PHP), or (c) an alias, using "mywebsite.com" as the From address (e.g. the actual mail account is using myotherwebsite.com, but "From" is set to something@mywebsite.com). IMPORTANT: Any email you send must have the domain name in lower case. (I believe this is a CPanel bug that they are aware of.)
5) Test it by sending an email to check@isnotspam.com. You will get a return email telling you whether the email passed several tests.